Wired Magazine has a interesting article for OS X Yosemite: How to Stop Apple From Snooping on Your OS X Yosemite Searches.
...over the weekend, users of Apple’s latest operating system discovered OS X Yosemite pushes the limits of data collection tolerance one step further: its desktop search tool Spotlight uploads your search terms in real time to Apple’s remote servers, by default..and search terms will also be shared with Microsoft’s Bing search engine, an even more surprising destination for queries that Mac users likely believed they were typing in the privacy of their own computer...
But note that Bing does not store the terms (according to Apple).
UPDATE: there is a response from Apple on the page linked above. It does sound much better than it did at first. Why is this not spelled out up front seems more like a stupid goof than anything else—why generate FUD?
To search on the web, search terms do have to be transmitted to some server. This could be done completely anonymously with encryption techologies, but Apple does not implement that approach, nor does Google.
Google has always had search terms sent to its server, but I deem the Apple approach more concerning, because Apple ties so many devices together, including the potential for real-time tracking of your whereabouts, via Location Services (iPhone, iPad, laptop, iWatch, etc).
In key ways, metadata is far more of a privacy invasion than data itself; it gives a wide-ranging structural view of your activities and network of contacts and interests and so on. Very very useful stuff.
Search terms are metadata—consider these search terms: “treat genital herpes” (private medical) or “how to cook dogs” (nasty and illegal at least here in the USA) or “men seeking men” (private life). Stored on Apple servers. A Tor box doesn’t do much if you’ve signed into iCloud and everything is linked up with IP address, cookies, logins, acounts, etc.
Key questions are whether the user is advised of all the implications: are the terms stored anonymously (no) or tied as metadata to the user (yes) and/or IP address/device (yes), and for how long, etc. MPG is far from satisfied that Apple is doing the right thing here, but that is true of Google also. The recent move to iPhone encryption is only a minor point in such a context.
Apple and privacy
At Apple, your trust means everything to us. That’s why we respect your privacy and protect it with strong encryption, plus strict policies that govern how all data is handled.
... We believe in telling you up front exactly what’s going to happen to your personal information and asking for your permission before you share it with us.
... I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.
In OS X Yosemite, “up front” permission was not asked of me about transmitting search terms to Apple servers, nor was I aware of search term transmission ( buried info in a dialog does not qualify). So I see OS X Yosemite search as a violation of this policy in two ways.
Note that Tim Cook cannot make promises about the future this way (what happens when he leaves?), even if he could be trusted. Nor will he violate a secret court order nor can he even acknowledge the existence of one here in the USA. But will Apple abandon China if the Chinese government demands that Apple work with them, particularly if Apple servers are in China? Heck, Tim Cook foists music into your personal space without asking. MPG doesn’t give much credence to PR statements, which have no legal stature.
Turning off search term transmission
Turning off search term transmission is not one checkbox, and not where it ought to be (under System Preferences => Security & Privacy).
To turn off the transmission of search terms, disable (uncheck) the following:
ALSO, in Safari (not shown), uncheck Search =>.